ShipCalculators.com

ISO/IEC 27001

E1. Maritime security, geopolitics and risk

Definition

Information security management standard widely adopted in shipping.

ISO/IEC 27001 is the international standard for an information security management system (ISMS), specifying how an organization assesses risk and selects controls to protect the confidentiality, integrity, and availability of information. The current edition is ISO/IEC 27001:2022, whose Annex A lists 93 controls grouped into organizational, people, physical, and technological themes. Shipping companies adopt it to structure shore-side and fleet cyber governance and to demonstrate due diligence under the EU NIS2 Directive and IMO Resolution MSC.428(98). Accredited certification bodies audit and certify organizations against the standard; implementation guidance for the Annex A controls is provided in the companion standard ISO/IEC 27002.

Source: ISO/IEC 27001:2022 Information security management systems, published October 2022